The SitePoint Forums have moved.

You can now find them here.
This forum is now closed to new posts, but you can browse existing content.
You can find out more information about the move and how to open a new account (if necessary) here.
If you get stuck you can get support by emailing forums@sitepoint.com

If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Hello.. I am a webmaster of a large fansite for Savage Garden. A danish one, cause I live there folks!
Well.. I have created a quite sophisticated logon system for the site. It is based in Java Script, where the user enters a name and a password in a form. It is prosessed like this: If (username) = (myusename) && (password) = (mypasword) then open the page, otherwise reject the user..
BUT! I have to exclude all Netscape users because Netscape writes an error: "parent.info.logform. has no propperties."
I must tell that the values are processed through a hidden frame in the top wich I use for storing the values, so the different pages inside can call them up later.. I refuse to use cookies for security reasons!
Please tell me why Netscape does this!!

You refuse to use cookies for security reasons yet post all the userids and passwords in a hidden frame that will take any one with a little bit of knowledge ten seconds to get into?

I find that a little hard to believe. Anyway you currently have no security. I would look into using either .htaccess files or a CGI (PERL, PHP, ASP) solution instead of Javascript. Javascript is not secure in the least. One look at the source code and its all blown apart.

Notice I've put *'s over some of the values, but, as I've demonstrated, any experienced Web developer can obtain a complete list of usernames and passwords to your site in about 1 minute.

For the record, the following code will work as you expect it to in Netscape and MSIE. But as you can see it is a very very bad idea to rely on this code to provide any kind of security for your site. Even if you are happy with a false sense of security, your users will not be!

Okay listen up folks...
This site is not Yahoo! or something, and people donīt keep private stuff in there. The only reason we use the password protection is to keep other Savage Garden fans from stealing our material. When we add new users, we tell them to use a password that does NOT appear anywhere else. We also ask the user, in detailed instructions, to delete all temporary downloaded material.
We know that "Right click protection" does not offer security, since the files and images are downloaded into a temporary folder, but the reason for using it is again; we would like to prevent other fans from stealing our material. Not many of thoose Savage Garden fans in Denmark knows how a webpage works. Believe me.. Iīve checked that.
We are working on implimenting a new logon system, based on a java applet, and a random script wich modifies the logon files name each time it is downloaded...

And to you who posted a solution for my Netscape problem. Wich was the only actual reason for me to write here.. Thank you! I really like when folks help out in an honnest way!